EP3589000A1 - Facilitating network connectivity - Google Patents
Facilitating network connectivity
- Publication number
- EP3589000A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- token
- user network
- configuration information
- devices
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/126—Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
Definitions
- the present disclosure relates to provisioning one or more devices for connectivity with a user network using a token proximate to the one or more devices.
- the Internet of Things is a network of devices that allow the direct integration of the physical world with computer-based systems and networks.
- the devices are generally considered to be physical devices that have unique identifiers and are in most cases embedded with electronic sensors and/or actuators to monitor specific kinds of data.
- the devices are typically connected with private and/or public networks, which allow the live transfer and exchange of data with other connected devices and servers.
- a primary application of the IoT is an automated system whereby information from the physical world can be stored, accurately monitored and processed for real-time decisions.
- The key to IoT implementation is the interconnectedness of devices.
- Existing IoT frameworks provide a software platform that can automatically organise communication between devices and networks as well as manage security, privacy, data storage and bandwidth available for the connected devices. These requirements are generally met by predefined protocols in each IoT framework. In practice, this means that an IoT system can comprise millions of devices that communicate between themselves and other networks.
- Some examples of existing IoT frameworks include RTI™, Microsoft Azure™ IoT, Cisco™ IoT Cloud and the like.
- Integrating or initialising several devices for connection to an IoT network requires a significant amount of manual work by an individual for each device, generally for security reasons.
- This manual work typically includes manual input of device credentials, network passwords, authentication codes and other security parameters and can be an arduous process, especially when involving an initial connection or appropriation of a large number of devices, for example dozens of devices.
- Some large-scale IoT frameworks with many servers and IoT enabled devices attempt to streamline this process or remove human involvement from the registration of devices to increase time efficiency and avoid human error. These frameworks usually require a physical connection to specific servers or mainframes in a fixed location. However, such large-scale models may not be suitable for smaller IoT hubs or networks, for example those associated with a user's household.
- the present disclosure provides techniques for overcoming existing drawbacks in integrating one or more IoT enabled devices with an IoT network, in particular where the IoT network is set up or maintained by a private individual, as can often be the case in a home or office IoT network providing in-home or in-office integration of devices.
- a portable token is associated with a user network, such as a home or office network.
- the token can enable one or more devices that are in proximity with it to connect to the user network. Therefore, the token herein described is understood to represent, or act on behalf of the user network, or one or more computing devices or server in the user network, to ensure that the device has all the information and/or permissions and/or settings required for it to establish a connection to the user network.
- the token acts as or represents the user network for provisioning a device to connect to the user network, so that such provisioning need not be done by the user network and is done by the token instead.
- the token being capable of representing the user network can be understood to mean the token being capable of association with the user network to facilitate connection of a device to the user network. Consequently, the token representing the user network can be understood to mean being associated with the user network to facilitate connection of a device to the user network.
- the token may be associated with the user network by receiving configuration information for passing on to a device to be connected so that the configuration information need not be provided to the device by the user network but can instead be provided to the device by the token to enable the device to connect to the user network.
- a wireless token capable of representing a user network comprises one or more processing modules.
- the processing modules are configured to authenticate the token with the user network.
- the processing modules may be configured to provide data specific to the token to the user network.
- the data may comprise identifiers, passwords or the like that are transmitted to the user network, so that the user network can verify the identity of the token.
- the user network performs one or more checks to establish that the token in question is authorised to have access to the user network.
- the user network to be represented by the token, once authenticated, may comprise a plurality of other IoT devices that are communicatively coupled with each other and share data with each other to operate in the user network.
- the processing modules are further configured to, responsive to said authentication, obtain and store configuration information for enabling the token to communicatively couple with the user network one or more devices that are located at or within a defined proximity to the token.
- the obtained configuration information from the token comprises executable instructions to configure a given device among the one or more devices to communicate and share data with the plurality of IoT devices that are already part of the user network.
- the configuration information may include network security permissions and/or access codes etc.
- the defined proximity is a defined distance or distance range, for example a distance in the range of less than 50 cm (0 to 50cm), or less than 5cm (0 to 5cm), between the token and the one or more devices.
- the processing modules are also configured to, responsive to a wireless signal received from a device among the one or more devices, establish a temporary secure communication channel between the given device and the token, and provide the configuration information from the token to the given device using the temporary secure channel.
- the configuration information may comprise settings, parameters and the like and/or executable instructions, to enable the given device to establish a connection with and operate in the user network based on the obtained configuration information.
- the token may be configured to register the given device with the user network.
- the token can provision an IoT device with configuration information that the IoT device requires to connect to a user network, when the token is proximate to the IoT device.
- the configuration information that is to be transferred from the token to the device is in the form of executable instructions. This means that once transferred and installed on the device, the instructions are configured to run or be executed on the device to perform a function, or series of functions, that cause the device to operate in a manner dictated by such functions.
- the executable instructions are configured to perform such functions irrespective of the type of device, i.e. the executable instructions will perform the functions irrespective of the device that they are installed in.
- the configuration information comprises executable instructions to configure the given device to be unresponsive to any further configuration information received from one or more devices representing networks other than the user network that is associated with the token.
- the executable instructions may include updating one or more settings in the device or setting a flag once the configuration information from the token has been successfully installed. This setting or flag may be set to identify the token and/or user network, and thereby prevent running configuration information from devices or tokens that are not associated with the user network. Therefore, advantageously the IoT device that is provisioned by the token is prevented from connecting to a network other than the user network. This increases security for the IoT device and the user network by preventing unauthorised access by other networks.
- the configuration information from the token comprises executable instructions to configure the given device to respond to further or updated configuration information received from the same token, when the token is at or within the defined proximity.
- the executable instructions may further be configured to configure the given device to operate in the user network based on the received further or updated configuration information. Therefore, advantageously an IoT device provisioned by the token can be reconfigured for the user network by the same token at or within the defined proximity (and only by the same token where configuration by other tokens is prevented). This allows for secure updating of user network credentials, and other information such as settings, parameters or firmware updates, for the IoT device.
- the configuration information from the token comprises executable instructions that require the given device to be reset in the presence of the token at the defined proximity, prior to configuring the given device to operate based on further or updated configuration information from the user network or new configuration information from any other network.
- the configuration information may also configure the given device to be unresponsive to the device reset if the token is not present within the defined proximity of said one or more devices. Therefore, in such embodiments, an IoT device provisioned by the token can be reset to enable it to be configured for a different network and/or reconfigured for the same user network, but only when the token is in proximity of the IoT device. This secures the IoT device against unauthorised configuration or reconfiguration requests by requiring the device to be reset only when the token is proximate to it. Furthermore, the additional security of allowing a reset to take place only when the token is in proximity of the device prevents an unauthorised reset which may erase any earlier settings for a user network.
- the token is configured to communicate with the one or more devices using a short-range communication protocol such as near-field communication (NFC) or Bluetooth™.
- the token may be wearable by a user and may take the form of a ring, armband, necklace, key card or fob or other wearable device, or may be embedded in a device such as a mobile phone, smart phone, tablet computer, smart watch, or the like.
- a device capable of wireless communication comprises one or more processing modules configured to operate to detect a token as described above proximate to it.
- the one or more processing modules are configured to obtain configuration information from the token for registering the device with the user network represented by the token to establish a connection with the user network, and to operate in the user network based on the obtained configuration information.
- the device can operate in the user network using the configuration information directly or indirectly.
- the device is capable of communication with a plurality of tokens as described above, each representing the same user network.
- This device is thus capable of obtaining configuration information that is specific to each of said plurality of tokens for operating in the user network when the device is activated by one token among the plurality of tokens. Therefore, advantageously the device can be configured to operate in a user network in a certain manner based on the configuration information of the token that activates the device. This provides for applications where one or more tokens have one or more different permissions associated with the same user network, such as multiple personalised key cards for a system of locks in a building.
- the device is an IoT enabled device, wherein the user network is an IoT network including a plurality of other IoT devices registered to the network.
- a user network represented by at least one token as described above comprises at least: a plurality of devices, for example as described above, that are communicatively coupled with each other and share data with each other to operate in the user network.
- the user network also comprises a router or a control module for connecting the user network with one or more external wireless networks and a database storing information relating to each of the plurality of devices and data exchanged between them in the user network.
- the above-mentioned router, control modules, database etc. are part of the same user network that is associated with the token.
- the token may be communicatively coupled with all devices in the user network to share. For instance, the token will be able to connect to the database or one or more registers in the network to share details of one or more devices that have recently been provisioned with configuration information from the token.
- a method for provisioning connectivity with a user network for one or more devices capable of wireless communication comprises detecting, by the one or more devices, a token proximate to the one or more devices, the token having been previously authenticated for managing communication of the one or more devices with the user network.
- the token then establishes a temporary secure communication channel between the token and the one or more devices and the one or more devices obtain, via the temporary secure communication channel, configuration information from the token for registering the one or more devices with the user network.
- the one or more devices then connect to the user network and are configured to then operate in the user network based on the obtained configuration information.
- a system for implementing the method of the fourth aspect comprises at least a user network as set out in the third aspect; at least one token as set out above in the first aspect for representing the user network; and one or more devices as set out above in the second aspect, to be connected to the user network.
- the user network will be described in the following as an IoT network that allows transfer of data between connected devices.
- devices that are connected within an IoT network include routers for directing communication within and outside the IoT network, control panels and/or servers to control data transfer, one or more databases to store information, one or more computing devices using the data transferred etc.
- Figure 1 illustrates an example of an IoT network. It will be appreciated that the present description is not limited to the user network being an IoT network.
- a token 204 is shown representing a user network 202, as explained above, and can be used to connect one or more IoT enabled devices 206 to the user network 202.
- the token 204 can be a mobile phone, an application running on a mobile phone, a smartwatch, or any wearable device that is to be authenticated for association with an existing user network 202, before the token 204 can represent the user network 202.
- the user network 202 may be a trusted or private user IoT network within a home or office space etc.
- the user network 202 may be one of an IoT network, home network or office network.
- the authentication of the token 204 with the IoT network 202 can be established by known wireless communication protocols and/or using a secure and reliable end-to-end session 208 for such authentication. As part of the authentication process, transfer of one or more of security credentials of the user network 202, permissions specific to the token 204 in question, data verification codes, passwords and the like and other security information takes place using one or more known device authentication techniques. Once the token 204 is authenticated, the device becomes a trusted device for representing the user network 202.
- the token 204 is provided with data and/or generic device credentials for securely provisioning one or more devices 206 to connect with the user network 202.
- provisioning is understood as the process by which the one or more devices 206 can be enabled by the token to connect to the user network 202.
- data and/or generic device credentials are preferably transferred to the token via the same secure communication link 208.
- Some examples of this may be executable instructions to implement unique network and device security permissions, executable instructions to set up network and device credentials for communication, unique identifiers, access codes etc., which are collectively referred to herein as configuration information.
- the configuration information may preferably be encrypted during the transfer, to ensure secure connectivity and transfer of configuration information from the user network 202 to the token 204.
- one or more processing modules or a control system or server within the user network 202 is responsible for providing such configuration information from the user network 202 to the token 204.
- the token is then enabled to provision one or more devices 206 to be connected to or associated with the user network 202.
- the device 206 will then be enabled to automatically join or connect to the user network 202 without any further action required to be taken.
- the device 206 is not part of the user network 202 prior to provisioning by the token 204, as depicted in Figure 2a, and is thus yet to be integrated or connected with the user network 202.
- the provisioning of the device 206 with configuration information may also be carried out when the token is not within a location boundary associated with the network or network range, e.g. if the user network 202 is a network in a user's home, the token can preferably enable a new device 206 to be provisioned for connectivity with the user network 202 outside of the user's home location or outside a pre-defined network perimeter of the user network 202 or out of range of the user network 202.
- More than one token 204 may be authenticated to represent the user network 202. For instance, in a household with four inhabitants, each inhabitant may have their own token 204 that may be enabled to provision one or more devices 206 to connect to the user network 202, for example based on configuration information that is specific to each token 204. In some embodiments, when one or more tokens 204 are authenticated by user network 202, a register of such tokens 204 may be generated or updated within the user network 202, and any new or further authenticated tokens 204 can be added to the register. More than one device 206 can be connected to the user network 202 by a token 204.
- IoT devices such as smart lights and heating systems, set top boxes, alarm systems, smart kitchen appliances, stereo systems etc.
- a register of all such IoT enabled devices connected to the user network 202 may be generated, and any new devices 206 that are successfully connected to the user network 202 by one or more tokens 204 are then added to this register.
- Registers with information in relation to token(s) 204 or connected device(s) 206 may be stored and accessed from a database or a secure storage module, which may be a device that is part of the user network 202; or the registers may be stored at and accessed from a cloud storage platform via a gateway or router that is within the user network 202.
- secure communication with a new device, not previously connected to the user network 202 is presently possible with the individual input of user IDs, passwords, etc or a manual action in relation to activating a WiFi button or the like within the user network 202, that can detect and register new devices.
- This process is time consuming and involves repeating the same time-consuming process for each new device that requires to be connected to other devices in the user network 202.
- For the token 204 to provision a device 206 to connect to an associated IoT network, which the token represents, the token 204 establishes a connection with the device 206.
- a connection between the device and token is established using methods such as near-field communication (NFC), radio-frequency identification (RFID) or any other proximity-based communication methods that both the token 204 and the device 206 are enabled for.
- the communication link 208 in Figure 2a for authentication may be closed, or indeed replaced by a further communication link 216 so that the user token 204 after authentication may still be connected to the user network 202.
- connection between a token 204 and a device 206 in a preferred implementation is possible when the device is at or within a predefined proximity or distance, for example 20 to 50 centimetres, or in some cases less than 20 centimetres, from the token.
- NFC has a range of 20 centimetres
- Bluetooth™ can have different ranges depending on the emission power of a device, i.e. class 3 has a range of 1 meter and class 4 has a range of less than 5 meters.
- a predefined proximity or distance is not to be limited to the above-mentioned distances; ideally, the distance is not more than 1 meter away.
- the defined proximity may be the same as the distance dictated by the short-range communication method that is used between the token 204 and the device 206 that is to be provisioned. In other embodiments, the defined proximity may be a set distance which may be enforced on the token 204, for instance a setting for the token 204 that prevents the token 204 from connecting to a device, such as device 206, that is not already part of the user network 202 unless it is at or within the set distance.
- a feature such as a button on the device 206 that is to be connected may need to be activated to search and detect a token 204 proximate to it. Such detection may be performed by the same known short-range and proximity-based wireless methods as explained above. This ensures that only the device 206 and the token 204 that are within the defined proximity of each other are connected for further provisioning. This prevents other undesired tokens or devices from provisioning the device to work with or connect to a different IoT network.
- the token 204 only functions when activated by the user, for example by fingerprint recognition, password input, face recognition, etc. This ensures that only the owner of the token 204 can activate it for connecting to one or more devices 206.
- a temporary secure communication channel 210 is established between the token 204 and the device 206.
- the secure channel 210 is a temporary one, defined by the same defined proximity as set out above, and functions to ensure that configuration information, which is specific to a token 204, as described above in Figure 2a, is successfully transferred.
- the secure channel 210 is closed or disconnected as this channel 210 between the device 206 and the token 204 is no longer required. This is because after the transfer of the configuration information, the device 206 will be able to connect to the user network 202 and other devices in the user network 202 based on the data in the configuration information.
- the device 206 may in some implementations return to an original state.
- a signal may be sent from the user network 202 to the token 204 to validate that the configuration information is transferred to the device 206.
- such a signal can be initiated from the device 206 through the user network 202 to the token 204.
- the token 204 may be configured to provide a visual or audible notification of successful transfer of configuration information to a user.
- the token 104b is configured to automatically provide the configuration information to the device 206.
- the device 206 can now communicate with, and function as part of, the user network 202.
- the user network 202 no longer needs to send its credentials each time a new device is required to be registered to the user network 202, and no manual input of credentials is needed. This reduces available bandwidth usage within the user network 202, and enables an easier, secure and automatic provisioning of connectivity with the user network 202.
- the secure channel 210 within the defined proximity is closed and the device 206 has been provisioned with configuration information
- there may be a communication link present between the device 206 and the token 204 which may then function in the same manner as a communication link 216 that may exist between the network 202 and token 204 in Figure 2b.
- the link 216 is not limited to short range or proximity-based protocols and is not intended for the transfer of configuration information.
- the link, for example, may merely indicate that the token 204 and/or the device are part of the user network 202 and can be communicatively coupled with other devices that are part of the user network 202.
- the configuration information that is sent from the token 204 to the device 206 comprises at least one set of executable instructions that perform one or more of the below functionalities of the device 206 to operate in the user network 202.
- the configuration information comprises executable instructions to configure the device 206 to establish a connection to the user network 202, as depicted by communication link 214 in Figure 2c, without any further action or input required from the user network 202 or the device 206.
- This connection 214 with the user network is automatically established once the configuration information is installed in the device 206.
- the configuration information comprises the required access codes, and permissions etc. required for the link 214 to be established.
- the configuration information comprises executable instructions to configure the device 206 to be unresponsive to any further configuration information received from one or more devices or tokens representing one or more networks other than the user network 202 that is associated with the token 204 that installed the configuration application.
- the device 206 is prevented from connecting to a token or device or a network other than the user network 202, and connected devices and tokens associated with the user network 202. This increases security for the IoT device 206 and the user network 202 by preventing unauthorised access by other networks.
- the configuration information from the token 204 comprises executable instructions to configure the device 206 to respond to additional configuration information received from the token 204, only when the token 204 is at or within the defined proximity. This is so that the device can then operate in the user network 202 based on the additional or new configuration information for the same network 202.
- This is to allow for a secure and easy update of user network 202 permissions specific to the configuration information from the token 204. This update can only be done using the same token 204, when in the defined proximity. In a preferred implementation, this process will require a further temporary secure channel, like channel 210 in Figure 2b, to be established.
- the configuration information from the token 204 comprises executable instructions that require a device reset for a given device 206 in the presence of the token 204 at the defined proximity, prior to configuring the device 206 to operate based on further or updated configuration information from the user network 202 or indeed any other network. Furthermore, the configuration information also configures the device 206 to be unresponsive to the device reset if the token 204 is not present within the defined proximity of the device 206. Thus, the device 206 provisioned by the token 204 can be reset to enable it to be configured for a different network and/or reconfigured for the same user network, with updated credentials, only when the token is within the defined proximity to the device 206. This secures the device 206 against unauthorised configuration or reconfiguration requests by requiring the token 204 to be present during any device reset, within the defined proximity.
- a further communication link 212 generated between the device 206 and the token 204, which may then function in the same manner as a communication link 218 that may exist between the network 202 and token 204.
- the link 212 is not limited to short range or proximity-based protocols and is not intended for the transfer of configuration information. Such link may ensure that token 204 and the device 206, after being provisioned with configuration information, are part of the user network 202, and can be communicatively coupled with other devices that are part of the user network 202.
- the device 206 is capable of communication with a plurality of tokens, each representing the user network 202. This device 206 is thus capable of obtaining configuration information that is specific to each of said plurality of tokens for operating in the user network 202 when the device 206 is activated by a token.
- the device 206 may be configured to operate differently, based on the specific configuration information received for each token.
- disconnection from the user network 202 or connection to one or more other tokens, each with like functionality as the first token 204 is not envisioned possible without permission from the first token 204. This ensures that if the device 206 is stolen, it cannot function in another network without the associated token 204 to reset the device 206 to connect to a new network.
- other tokens for the same user network 202 will also require permission from the first token 204.
- the device 206 is a system of door locks in some premises or building and each inhabitant owns a token, which may be the same as token 204; one or more tokens can have full access to all locks/doors on the premises, while other tokens have limited access in varying degrees. For example, only tokens with full access to all the locks/doors may have permissions that can open the lock, receive notifications when a lock is opened or closed or connect new tokens to the door lock, while other tokens may only be able to open the locks/doors in certain locations in the premises.
- In FIG. 3, a flow diagram summarising the method for provisioning a device with connectivity with a user network is disclosed.
- Figure 3 is to be read and understood in conjunction with Figures 2a , 2b and 2c .
- the reference to the user network 202, token 204 and device 206 in the steps of figure 3 explained below, are the same as their respective counterparts explained in figures 2a , 2b and 2c and include all the same functionality and features as explained above.
- the device 206 is activated so that the device 206 can detect a token 204 proximate to it, for example within 50 cm of the device, for example as explained above in relation to Figure 2b .
- a temporary secure communication channel such as the channel 210, for example described above in relation to Figure 2b , is set up between the token 204 and the device 206.
- in step 308, configuration information specific to the token 204 for provisioning the device 206 with connectivity to a user network represented by the token 204 is transferred from the token 204 to the device 206. This may, for example, take place in the manner as explained in Figure 2b.
- the secure channel 210 is then closed at step 310, for example once the configuration information is installed on the device 206.
- the device provisioned with the required configuration information can establish a connection to a user network 202 based on the configuration information that is specific to the token 204.
- FIG. 4 illustrates a block diagram of one implementation of a computing device 400 within which a set of instructions, for causing the computing device to perform any one or more of the methodologies discussed herein, may be executed.
- the computing device 400 may be a router or server in the user IoT network or one or more IoT enabled devices within the user network.
- the computing device 400 may also be implemented to be the device or token described herein.
- the computing device 400 may be connected (e.g., networked) to other machines in a Local Area Network (LAN), an intranet, an extranet, or the Internet.
- the computing device may operate in the capacity of a server or a client machine in a client-server network environment, or as a peer machine in a peer-to-peer (or distributed) network environment.
- the computing device may be a personal computer (PC), a tablet computer, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a server, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine.
- computing device shall also be taken to include any collection of machines (e.g., computers) that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
- the example computing device 400 includes a processing device 402, a main memory 404 (e.g., read-only memory (ROM), flash memory, dynamic random-access memory (DRAM) such as synchronous DRAM (SDRAM) or Rambus DRAM (RDRAM), etc.), a static memory 406 (e.g., flash memory, static random-access memory (SRAM), etc.), and a secondary memory (e.g., a data storage device 418), which communicate with each other via a bus 430.
- Processing device 402 represents one or more general-purpose processors such as a microprocessor, central processing unit, or the like. More particularly, the processing device 402 may be a complex instruction set computing (CISC) microprocessor, reduced instruction set computing (RISC) microprocessor, very long instruction word (VLIW) microprocessor, processor implementing other instruction sets, or processors implementing a combination of instruction sets. Processing device 402 may also be one or more special-purpose processing devices such as an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a digital signal processor (DSP), network processor, or the like. Processing device 402 is configured to execute the processing logic (instructions 422) for performing the operations and steps discussed herein.
- the computing device 400 may further include a network interface device 408.
- the computing device 400 also may include a video display unit 410 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)), an alphanumeric input device 412 (e.g., a keyboard or touchscreen), a cursor control device 414 (e.g., a mouse or touchscreen), and an audio device 416 (e.g., a speaker).
- the data storage device 418 may include one or more machine-readable storage media (or more specifically one or more non-transitory computer-readable storage media) 428 on which is stored one or more sets of instructions 422 embodying any one or more of the methodologies or functions described herein.
- the instructions 422 may also reside, completely or at least partially, within the main memory 404 and/or within the processing device 402 during execution thereof by the computer system 400, the main memory 404 and the processing device 402 also constituting computer-readable storage media.
- the various methods described above may be implemented by a computer program.
- the computer program may include computer code arranged to instruct a computer to perform the functions of one or more of the various methods described above.
- the computer program and/or the code for performing such methods may be provided to an apparatus, such as a computer, on one or more computer readable media or, more generally, a computer program product.
- the computer readable media may be transitory or non-transitory.
- the one or more computer readable media could be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, or a propagation medium for data transmission, for example for downloading the code over the Internet.
- the one or more computer readable media could take the form of one or more physical computer readable media such as semiconductor or solid-state memory, magnetic tape, a removable computer diskette, a random-access memory (RAM), a read-only memory (ROM), a rigid magnetic disc, and an optical disk, such as a CD-ROM, CD-R/W or DVD.
- modules, components and other features described herein can be implemented as discrete components or integrated in the functionality of hardware components such as ASICs, FPGAs, DSPs or similar devices.
- a “hardware component” is a tangible (e.g., non-transitory) physical component (e.g., a set of one or more processors) capable of performing certain operations and may be configured or arranged in a certain physical manner.
- a hardware component may include dedicated circuitry or logic that is permanently configured to perform certain operations.
- a hardware component may be or include a special-purpose processor, such as a field programmable gate array (FPGA) or an ASIC.
- a hardware component may also include programmable logic or circuitry that is temporarily configured by software to perform certain operations.
- the phrase “hardware component” should be understood to encompass a tangible entity that may be physically constructed, permanently configured (e.g., hardwired), or temporarily configured (e.g., programmed) to operate in a certain manner or to perform certain operations described herein.
- modules and components can be implemented as firmware or functional circuitry within hardware devices. Further, the modules and components can be implemented in any combination of hardware devices and software components, or only in software (e.g., code stored or otherwise embodied in a machine-readable medium or in a transmission medium).
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
Abstract
The present disclosure relates to a wireless token capable of representing a user network, the token being used to automatically provision an IoT enabled device to connect to the user network. Functions required to achieve this include:
authenticate the token with the user network, and responsive to said authentication, obtain and store configuration information for enabling the token to communicatively couple one or more devices at or within a defined proximity to the token, with the user network;
responsive to a wireless signal received from a given device among the one or more devices, establish a temporary secure communication channel between the given device and the token; and
provide the configuration information from the token to the given device using the temporary secure communication channel, wherein the configuration information enables the given device to establish a connection with and operate in the user network based on the obtained configuration information.
Description
- The present disclosure relates to provisioning one or more devices for connectivity with a user network using a token proximate to the one or more devices.
- The Internet of Things (IoT) is a network of devices that allow the direct integration of the physical world with computer-based systems and networks. The devices are generally considered to be physical devices that have unique identifiers and are in most cases embedded with electronic sensors and/or actuators to monitor specific kinds of data. The devices are typically connected with private and/or public networks, which allow the live transfer and exchange of data with other connected devices and servers. A primary application of the IoT is an automated system whereby information from the physical world can be stored, accurately monitored and processed for real time decisions.
- The key to IoT implementation is the interconnectedness of devices. Existing IoT frameworks provide a software platform that can automatically organise communication between devices and networks as well as manage security, privacy, data storage and bandwidth available for the connected devices. These requirements are generally met by predefined protocols in each IoT framework. In practice, this means that an IoT system can comprise millions of devices that communicate between themselves and other networks. Some examples of existing IoT frameworks include RTI™, Microsoft Azure™ IoT, Cisco™ IoT Cloud and the like.
- Integrating or initialising several devices for connection to an IoT network requires a significant amount of manual work by an individual for each device, generally for security reasons. This manual work typically includes manual input of device credentials, network passwords, authentication codes and other security parameters and can be an arduous process, especially when involving an initial connection or appropriation of a large number of devices, for example dozens of devices. Some large scale IoT frameworks with many servers and IoT enabled devices attempt to streamline this process or remove human involvement from the registration of devices to increase time efficiency and avoid human error. These frameworks usually may require a physical connection to specific servers or mainframes in a fixed location. However, such large-scale models may not be suitable for smaller IoT hubs or networks, for example those associated with a user's household. The present disclosure provides techniques for overcoming existing drawbacks in integrating one or more IoT enabled devices with an IoT network, in particular where the IoT network is set up or maintained by a private individual, as can often be the case in a home or office IoT network providing in-home or in-office integration of devices.
- Aspects and embodiments of this disclosure are now described by way of example for the purpose of illustration and with reference to the accompanying drawings, in which:
- Figure 1 depicts an example of an IoT network;
- Figure 2a depicts authentication of a token with a user network, for example a home or office network;
- Figure 2b depicts provisioning an IoT device for connection with the user network using the authenticated device;
- Figure 2c depicts the IoT device connected with other devices in the user network after being provisioned by a token;
- Figure 3 depicts a flow diagram for provisioning an IoT device with connectivity to a user network; and
- Figure 4 is an example implementation of an IoT device and/or token.
- In overview, methods and devices in accordance with the disclosure relate to provisioning one or more IoT devices with connectivity to a user network. A portable token is associated with a user network, such as a home or office network. The token can enable one or more devices that are in proximity with it to connect to the user network. Therefore, the token herein described is understood to represent, or act on behalf of the user network, or one or more computing devices or server in the user network, to ensure that the device has all the information and/or permissions and/or settings required for it to establish a connection to the user network. Thus, the token acts as or represents the user network for provisioning a device to connect to the user network, so that such provisioning need not be done by the user network and is done by the token instead. The token being capable of representing the user network can be understood to mean the token being capable of association with the user network to facilitate connection of a device to the user network. Consequently, the token representing the user network can be understood to mean being associated with the user network to facilitate connection of a device to the user network. For example, the token may be associated with the user network by receiving configuration information for passing on to a device to be connected so that the configuration information need not be provided to the device by the user network but can instead be provided to the device by the token to enable the device to connect to the user network.
- In a first aspect, a wireless token capable of representing a user network is disclosed. The token comprises one or more processing modules. The processing modules are configured to authenticate the token with the user network. To authenticate the token, the processing modules may be configured to provide data specific to the token to the user network. The data may comprise identifiers, passwords or the like that are transmitted to the user network, so that the user network can verify the identity of the token. In some embodiments, the user network performs one or more checks to establish that the token in question is authorised to have access to the user network. The user network to be represented by the token, once authenticated, may comprise a plurality of other IoT devices that are communicatively coupled with each other and share data with each other to operate in the user network. The processing modules are further configured to, responsive to said authentication, obtain and store configuration information for enabling the token to communicatively couple with the user network one or more devices that are located at or within a defined proximity to the token. In some embodiments, the obtained configuration information from the token comprises executable instructions to configure a given device among the one or more devices to communicate and share data with the plurality of IoT devices that are already part of the user network. For example, the configuration information may include network security permissions and/or access codes etc. In another preferred embodiment, the defined proximity is a defined distance or distance range, for example a distance in the range of less than 50 cm (0 to 50cm), or less than 5cm (0 to 5cm), between the token and the one or more devices.
The processing modules are also configured to, responsive to a wireless signal received from a device among the one or more devices, establish a temporary secure communication channel between the given device and the token, and provide the configuration information from the token to the given device using the temporary secure channel. The configuration information may comprise settings, parameters and the like and/or executable instructions, to enable the given device to establish a connection with and operate in the user network based on the obtained configuration information. Finally, in some embodiments the token may be configured to register the given device with the user network.
- Advantageously the token can provision an IoT device with configuration information that the IoT device requires to connect to a user network, when the token is proximate to the IoT device. In this way, a secure, fast and efficient technique for automatically establishing a connection with a user network is enabled. In some embodiments, the configuration information that is to be transferred from the token to the device is in the form of executable instructions. This means that once transferred and installed on the device, the instructions are configured to run or be executed on the device to perform a function, or series of functions that cause the device to operate in a manner dictated by such functions. In some embodiments, the executable instructions are configured to perform such functions irrespective of the type of device, i.e. the executable instructions will perform the functions irrespective of the device that they are installed in.
- In some embodiments, the configuration information comprises executable instructions to configure the given device to be unresponsive to any further configuration information received from one or more devices representing networks other than the user network that is associated with the token. For instance, the executable instructions may include updating one or more settings in the device or setting a flag once the configuration information from the token has been successfully installed. This setting or flag may be set to identify the token and/or user network, and thereby prevent running configuration information from devices or tokens that are not associated with the user network. Therefore, advantageously the IoT device that is provisioned by the token is prevented from connecting to a network other than the user network. This increases security for the IoT device and the user network by preventing unauthorised access by other networks.
- In some embodiments, the configuration information from the token comprises executable instructions to configure the given device to respond to further or updated configuration information received from the same token, when the token is at or within the defined proximity. The executable instructions may further be configured to configure the given device to operate in the user network based on the received further or updated configuration information. Therefore, advantageously an IoT device provisioned by the token can be reconfigured for the user network by the same token at or within the defined proximity (and only by the same token where configuration by other tokens is prevented). This allows for secure updating of user network credentials, and other information such as settings, parameters or firmware updates, for the IoT device.
- In some embodiments, the configuration information from the token comprises executable instructions that require the given device to be reset in the presence of the token at the defined proximity, prior to configuring the given device to operate based on further or updated configuration information from the user network or new configuration information from any other network. Furthermore, the configuration information may also configure the given device to be unresponsive to the device reset if the token is not present within the defined proximity of said one or more devices. Therefore, in such embodiments, an IoT device provisioned by the token can be reset to enable it to be configured for a different network and/or reconfigured for the same user network, but only when the token is in proximity of the IoT device. This secures the IoT device against unauthorised configuration or reconfiguration requests by requiring the device to be reset only when the token is proximate to it. Furthermore, the additional security of allowing a reset to take place only when the token is in proximity of the device prevents an unauthorised reset which may erase any earlier settings for a user network.
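The device-side rules in the three preceding paragraphs (binding to the provisioning token, updates only from that token in proximity, reset only with the token in proximity) can be modelled as a small state machine. This is an added illustration, not code from the patent: the class, field and outcome names are hypothetical, the token identity is assumed to have been authenticated over the temporary secure channel, and the distance is assumed to be reported by the short-range radio.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Outcome(Enum):
    ACCEPTED = "accepted"
    OUT_OF_RANGE = "no token at or within the defined proximity"
    FOREIGN_TOKEN = "token is not the one bound to this device"
    RESET_REQUIRED = "different network offered without a prior reset"
    NOT_PROVISIONED = "device holds no configuration to reset"


@dataclass(frozen=True)
class ConfigMessage:
    """Configuration information as delivered by a token (hypothetical shape)."""
    token_id: str       # assumed already authenticated by the secure channel
    network_id: str
    settings: Dict[str, str]


@dataclass
class Device:
    proximity_limit_cm: float = 50.0   # one example range from the description
    bound_token: Optional[str] = None  # the "flag" identifying token/network
    network_id: Optional[str] = None
    settings: Dict[str, str] = field(default_factory=dict)
    audit: List[Tuple[str, Optional[str], Outcome]] = field(default_factory=list)

    def _in_range(self, distance_cm: Optional[float]) -> bool:
        # None models "no token detected at all".
        return distance_cm is not None and 0.0 <= distance_cm <= self.proximity_limit_cm

    def _is_bound_token(self, token_id: Optional[str]) -> bool:
        if token_id is None or self.bound_token is None:
            return False
        # Constant-time comparison of the identifiers.
        return hmac.compare_digest(token_id.encode(), self.bound_token.encode())

    def _log(self, event: str, token_id: Optional[str], outcome: Outcome) -> Outcome:
        self.audit.append((event, token_id, outcome))
        return outcome

    def handle_config(self, msg: ConfigMessage, distance_cm: Optional[float]) -> Outcome:
        if not self._in_range(distance_cm):
            return self._log("config", msg.token_id, Outcome.OUT_OF_RANGE)
        if self.bound_token is None:
            # First provisioning: install the settings and bind to this token.
            self.bound_token, self.network_id = msg.token_id, msg.network_id
            self.settings = dict(msg.settings)
            return self._log("config", msg.token_id, Outcome.ACCEPTED)
        if not self._is_bound_token(msg.token_id):
            # Unresponsive to configuration from tokens of other networks.
            return self._log("config", msg.token_id, Outcome.FOREIGN_TOKEN)
        if msg.network_id != self.network_id:
            # A new network is only possible after a token-present reset.
            return self._log("config", msg.token_id, Outcome.RESET_REQUIRED)
        self.settings.update(msg.settings)  # update for the same user network
        return self._log("config", msg.token_id, Outcome.ACCEPTED)

    def handle_reset(self, token_id: Optional[str], distance_cm: Optional[float]) -> Outcome:
        if self.bound_token is None:
            return self._log("reset", token_id, Outcome.NOT_PROVISIONED)
        if token_id is None or not self._in_range(distance_cm):
            # Reset requested with no token nearby: the device stays unresponsive.
            return self._log("reset", token_id, Outcome.OUT_OF_RANGE)
        if not self._is_bound_token(token_id):
            return self._log("reset", token_id, Outcome.FOREIGN_TOKEN)
        self.bound_token, self.network_id, self.settings = None, None, {}
        return self._log("reset", token_id, Outcome.ACCEPTED)


def rejected_events(device: Device) -> List[Tuple[str, Optional[str], Outcome]]:
    """Refused requests, e.g. for forwarding to the user network's register."""
    return [entry for entry in device.audit if entry[2] is not Outcome.ACCEPTED]
```

The audit list gives a defender something to monitor: repeated `FOREIGN_TOKEN` or `OUT_OF_RANGE` entries on a provisioned device indicate attempted reconfiguration or reset without the bound token.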
- In some embodiments, the token is configured to communicate with the one or more devices using a short-range communication protocol such as near-field communication (NFC) or Bluetooth™. In some embodiments, the token may be wearable by a user and may take the form of a ring, armband, necklace, key card or fob or other wearable device, or may be embedded in a device such as a mobile phone, smart phone, tablet computer, smart watch, or the like.
- In a second aspect, a device capable of wireless communication is disclosed. The device comprises one or more processing modules configured to operate to detect a token as described above proximate to it. The one or more processing modules are configured to obtain configuration information from the token for registering the device with the user network represented by the token to establish a connection with the user network, and to operate in the user network based on the obtained configuration information.
- For example, to operate based on or on the basis of configuration information is understood herein to mean that the device can operate in the user network using the configuration information directly or indirectly. In some embodiments, the device is capable of communication with a plurality of tokens as described above, each representing the same user network. This device is thus capable of obtaining configuration information that is specific to each of said plurality of tokens for operating in the user network when the device is activated by one token among the plurality of tokens. Therefore, advantageously the device can be configured to operate in a user network in a certain manner based on the configuration information of the token that activates the device. This provides for applications where one or more tokens have one or more different permissions associated with the same user network, such as multiple personalised key cards for a system of locks in a building.
- In some embodiments, the device is an IoT enabled device, wherein the user network is an IoT network including a plurality of other IoT devices registered to the network.
- In a third aspect, a user network represented by at least one token as described above is disclosed. The user network comprises at least: a plurality of devices, for example as described above, that are communicatively coupled with each other and share data with each other to operate in the user network. The user network also comprises a router or a control module for connecting the user network with one or more external wireless networks and a database storing information relating to each of the plurality of devices and data exchanged between them in the user network. Thus, the above-mentioned router, control modules, database etc. are part of the same user network that is associated with the token. In some embodiments, the token may be communicatively coupled with all devices in the user network to share. For instance, the token will be able to connect to the database or one or more registers in the network to share details of one or more devices that have recently been provisioned with configuration information from the token.
- In a fourth aspect, a method for provisioning connectivity with a user network for one or more devices capable of wireless communication is disclosed. The method comprises detecting, by the one or more devices, a token proximate to the one or more devices, the token having been previously authenticated for managing communication of the one or more devices with the user network. The token then establishes a temporary secure communication channel between the token and the one or more devices and the one or more devices obtain, via the temporary secure communication channel, configuration information from the token for registering the one or more devices with the user network. The one or more devices then connect to the user network and are configured to then operate in the user network based on the obtained configuration information.
- In a fifth aspect, a system for implementing the method of the fourth aspect is disclosed. The system comprises at least a user network as set out in the third aspect; at least one token as set out above in the first aspect for representing the user network; and one or more devices as set out above in the second aspect, to be connected to the user network.
- Some specific components and embodiments are now described by way of illustration with reference to the accompanying drawings, in which like reference numerals refer to like features
- With reference to
Figure 1 , for the purpose of illustration, the user network will be described in the following as an loT network that allows transfer of data between connected devices. Typically, devices that connected within an loT network include routers for directing communication within and outside the loT network, control panels and/or servers to control data transfer, one or more databases to store information, one or more computing devices using the data transferred etc.Figure 1 illustrates an example of an loT network. It will be appreciated that the present description is not limited to the user network being an loT network. - With reference to
Fig 2a , a token 204 is seen for 204 representing auser network 202, as explained above, and be used for connects one or more loT enableddevices 206 to theuser network 202. The token 204 can be a mobile phone, an application running on a mobile phone, a smartwatch, or any wearable device that is to be authenticated for association with an existinguser network 202, before the token 204 can represent theuser network 202. For example, theuser network 202 may be a trusted or private user loT network within a home or office space etc. Theuser network 202 may be one or an loT network, home network or office network. - The authentication of the token 204 with the
IoT network 202 can be established by known wireless communication protocols and/or using a secure and reliable end-to-end session 208 for such authentication. As part of the authentication process, transfer of one or more of security credentials of theuser network 202, permissions specific to the token 204 in question, data verification codes, passwords and the like and other security information takes place using one or more known device authentication techniques. Once the token 204 is authenticated, the device becomes a trusted device for representing theuser network 202. - Once authentication of the token 204 with the
user network 202 is successful, the token 204 is provided with data and/or generic device credentials for securely provisioning one ormore devices 206 to connect with theuser network 202. Thus, provisioning is understood as the process by which the one ormore devices 206 can be enabled by the token to connect to theuser network 202. Such data and/or generic device credentials is preferably transferred to the token via the samesecure communication link 208. Some examples of this may be executable instructions to implement unique network and device security permissions, executable instructions to set up network and device credentials for communication, unique identifiers, access codes etc., which are collectively referred to herein as configuration information. The configuration information may preferably be encrypted during the transfer, to ensure secure connectivity and transfer of configuration information between theuser network 202 to thetoken 204. Preferably, one or more processing modules or a control system or server within theuser network 202 is responsible for providing such configuration information from theuser network 202 to thetoken 204. - Once the configuration information, which is specific to the token 204 from
user network 202, is installed in one or more processing and/or storage modules of the token 204, the token is then enabled to provision one or more devices 206 to be connected to or associated with the user network 202. When the configuration information from the token 204 is installed on a device 206, as will be explained in more detail below with reference to Figure 2b, the device 206 will then be enabled to automatically join or connect to the user network 202 without any further action required to be taken. The device 206 is not part of the user network 202 prior to provisioning by the token 204, as depicted in Figure 2a, and is thus yet to be integrated or connected with the user network 202. The provisioning of the device 206 with configuration information may also be carried out when the token is not within a location boundary associated with the network or network range, e.g. if the user network 202 is a network in a user's home, the token can preferably enable a new device 206 to be provisioned for connectivity with the user network 202 outside of the user's home location or outside a pre-defined network perimeter of the user network 202 or out of range of the user network 202.
- More than one
token 204 may be authenticated to represent the user network 202. For instance, in a household with four inhabitants, each inhabitant may have their own token 204 that may be enabled to provision one or more devices 206 to connect to the user network 202, for example based on configuration information that is specific to each token 204. In some embodiments, when one or more tokens 204 are authenticated by user network 202, a register of such tokens 204 may be generated or updated within the user network 202, and any new or further authenticated tokens 204 can be added to the register. More than one device 206 can be connected to the user network 202 by a token 204. For instance, a household with several IoT devices such as smart lights and heating systems, set top boxes, alarm systems, smart kitchen appliances, stereo systems etc. is envisioned. A register of all such IoT enabled devices connected to the user network 204 may be generated, and any new devices 206 that are successfully connected to the user network 202 by one or more tokens 204 are then added to this register.
- Registers with information in relation to token(s) 204 or connected device(s) 206 may be stored and accessed from a database or a secure storage module, which may be a device that is part of the
user network 202; or the registers may be stored at and accessed from a cloud storage platform via a gateway or router that is within the user network 202.
- With reference to
Figure 2b, using a token 204 that has already been authenticated by a user network 202 for provisioning a device 206 to connect with the user network 202 is now described. The token 204, user network 202 and device 206 in Figure 2b are understood to be the same as the token 204, user network 202 and device 206 in Figure 2a. Establishing connectivity or initialising a communication session using a private or home WiFi network is a common method for connecting devices to an access point for the user network 206. However, when there are many potential devices in the range of WiFi connectivity, this causes difficulty in selecting a device for connection. Additionally, secure communication with a new device, not previously connected to the user network 202, is presently possible with the individual input of user IDs, passwords, etc. or a manual action in relation to activating a WiFi button or the like within the user network 202, that can detect and register new devices. This process is time consuming and involves repeating the same time-consuming process for each new device that requires to be connected to other devices in the user network 202.
- For the token 204 to provision a
device 206 to connect to an associated IoT network, which the token represents, the token 204 establishes a connection with the device 206. Such connection between the device and token is established using methods such as near-field communication (NFC), radio-frequency identification (RFID) or any other proximity-based communication methods that both the token 204 and the device 206 are enabled for. In a preferred implementation, the communication link 208 in Figure 2a for authentication may be closed, or indeed replaced by a further communication link 216 so that the user token 204 after authentication may still be connected to the user network 204.
- The connection between a token 204 and a
device 206 in a preferred implementation is possible when the device is at or within a predefined proximity or distance, for example 20 to 50 centimetres, or in some cases less than 20 centimetres, from the token. For example, NFC has a range of 20 centimetres, and Bluetooth™ can have different ranges depending on emission power of a device, i.e. class 3 has a range of 1 meter and class 4 has a range of less than 5 meters. Although a predefined proximity or distance is not to be limited to the above-mentioned distances, ideally it is a preference that the distance is not more than 1 meter away. In some embodiments, the defined proximity may be the same as the distance dictated by the short-range communication method that is used between the token 202 and the device 206 that is to be provisioned. In other embodiments, the defined proximity may be a set distance which may be enforced on the token 204, for instance a setting for the token 204 that prevents the token 204 from connecting to a device, such as device 206, that is not already part of the user network 202 unless it is at or within the set distance.
- In some implementations, a feature such as a button on the
device 206 that is to be connected may need to be activated to search and detect a token 204 proximate to it. Such detection may be performed by the same known short range and proximity based wireless methods as explained above. This ensures that only the device 206 and the token 204 that are within the defined proximity of each other are connected for further provisioning. This prevents other undesired tokens or devices from provisioning the device to work with or connect to a different IoT network.
- In some embodiments, the token 204 only functions when activated by the user, for example by fingerprint recognition, password input, face recognition, etc. This ensures that only the owner of the token 204 can activate it for connecting to one or
more devices 206.
- Once connected, a temporary
secure communication channel 210 is established between the token 204 and the device 206. The secure channel 210 is a temporary one, defined by the same defined proximity as set out above, and functions to ensure that configuration information, which is specific to a token 204, as described above in Figure 2a, is successfully transferred. Hence, once the token 204 transfers configuration information to provision the device 206 to connect to the user network 202 represented by the token 204, the secure channel 210 is closed or disconnected as this channel 210 between the device 206 and the token 204 is no longer required. This is because after the transfer of the configuration information, the device 206 will be able to connect to the user network 202 and other devices in the user network 202 based on the data in the configuration information. If the configuration information transfer is not completed and the communication channel 210 is broken, for example if the token 204 is out of range, the device 206 may in some implementations return to an original state. In some implementations, a signal may be sent from the user network 202 to the token 204 to validate that the configuration information is transferred to the device 206. In other implementations, such a signal can be initiated from the device 206 through the user network 202 to the token 204. In some implementations, the token 204 may be configured to provide a visual or audible notification of successful transfer of configuration information to a user.
- When the
secure channel 210 is established, the token 104b is configured to automatically provide the configuration information to the device 206. Once the configuration information from the token 204 is installed on the device 206, the device 206 can now communicate with, and function as part of, the user network 202. Thus, by installing configuration information for the user network 202 using the token 204, the user network 202 no longer needs to send its credentials each time a new device is required to be registered to the user network 202, and no manual input of credentials is needed. This reduces available bandwidth usage within the user network 202, and enables an easier, secure and automatic provisioning of connectivity with the user network 202.
- In some implementations, once the
secure channel 210 within the defined proximity is closed and the device 206 has been provisioned with configuration information, there may be a communication link present between the device 206 and the token 204, which may then function in the same manner as a communication link 216 that may exist between the network 202 and token 204 in Figure 2b. The link 216 is not limited to short range or proximity-based protocols and is not intended for the transfer of configuration information. The link for example may merely indicate that the token 204 and/or the device are part of the user network 202 and can be communicatively coupled with other devices that are part of the user network 202.
- With reference to
Figure 2c, the operation of the device 206 that has now been provisioned with configuration information for connecting to a user network 206 using a token 204 is described. The configuration information that is sent from the token 204 to the device 206 comprises at least one set of executable instructions that perform one or more of the below functionalities of the device 206 to operate in the user network 202.
- To implement a first functionality, the configuration information comprises executable instructions to configure the
device 206 to establish a connection to the user network 202, as depicted by communication link 214 in Figure 2c, without any further action or input required from the user network 202 or the device 206. This connection 214 with the user network is automatically established once the configuration information is installed in the device 206. As mentioned above, the configuration information comprises the required access codes, and permissions etc. required for the link 214 to be established.
- To implement a second functionality, the configuration information comprises executable instructions to configure the
device 206 to be unresponsive to any further configuration information received from one or more devices or token representing one or more networks other than the user network 202 that is associated with the token 204 that installed the configuration application. Thus, once provisioned by the token 204, the device 206 is prevented from connecting to a token or device or a network other than the user network 202, and connected devices and tokens associated with the user network 202. This increases security for the IoT device 206 and the user network 202 by preventing unauthorised access by other networks.
- To implement a third functionality, the configuration information from the token 206 comprises executable instructions to configure the
device 206 to respond to additional configuration information received from the token 204, only when the token 204 is at or within the defined proximity. This is so that the device can then operate in the user network 202 based on the additional or new configuration information for the same network 202. This is to allow for a secure and easy update of user network 202 permissions specific to the configuration information from the token 204. This update can only be done using the same token 204, when in the defined proximity. In a preferred implementation, this process will require a further temporary secure channel, like channel 210 in Figure 2b, to be established.
- To implement a fourth functionality, the configuration information from the token 204 comprises executable instructions that require a device reset for a given
device 206 in the presence of the token 204 at the defined proximity, prior to configuring the device 206 to operate based on further or updated configuration information from the user network 202 or indeed any other network. Furthermore, the configuring information also configures the device 206 to be unresponsive to the device reset if the token 206 is not present within the defined proximity of the device 206. Thus, the device 206 provisioned by the token 204 can be reset to enable it to be configured for a different network and/or reconfigured for the same user network, with updated credentials, only when the token is within the defined proximity to the device 206. This secures the device 206 against unauthorised configuration or reconfiguration requests by requiring the token 204 to be present during any device reset, within the defined proximity.
- In some implementations, after a secure channel for transfer of configuration information within the defined proximity, such as
secure channel 210 in Figure 2b, is closed, there may be a further communication link 212 generated between the device 206 and the token 204, which may then function in the same manner as a communication link 218 that may exist between the network 202 and token 204. The link 212 is not limited to short range or proximity-based protocols and is not intended for the transfer of configuration information. Such link may ensure that token 204 and the device 206, after being provisioned with configuration information, are part of the user network 202, and can be communicatively coupled with other devices that are part of the user network 202.
- In some implementations, the
device 206 is capable of communication with a plurality of tokens, each representing the user network 202. This device 206 is thus capable of obtaining configuration information that is specific to each of said plurality of tokens for operating in the user network 202 when the device 206 is activated by a token. The device 206 may be configured to operate differently, based on the specific configuration information received for each token. Preferably, once the device 206 is connected to the user network 202 via a first token 204 for the user network 202, disconnection from the user network 202 or connection to one or more other tokens, each with like functionality as the first token 204, is not envisioned possible without permission from the first token 204. This ensures that if the device 206 is stolen, it cannot function in another network without the associated token 204 to reset the device 206 to connect to a new network. Similarly, other tokens for the same user network 202 will also require permission from the first token 204.
- In the case where the
device 206 is a system of door locks in some premises or building and each inhabitant owns a token, which may be the same as token 204, one or more tokens can have full access to all locks/doors on the premises, while other tokens have limited access in varying degrees. For example, only tokens with full access to all the locks/doors may have permissions that can open the lock, receive notifications when a lock is opened or closed or connect new tokens to the door lock, while other tokens may only be able to open the locks/doors in certain locations in the premises.
- With reference to
Figure 3, a flow diagram summarising the method for provisioning a device with connectivity with a user network is disclosed. Figure 3 is to be read and understood in conjunction with Figures 2a, 2b and 2c. The reference to the user network 202, token 204 and device 206 in the steps of Figure 3 explained below, are the same as their respective counterparts explained in Figures 2a, 2b and 2c and include all the same functionality and features as explained above.
- At step S302 the
device 206 is activated so that the device 206 can detect a token 204 proximate to it, for example within 50 cm of the device, for example as explained above in relation to Figure 2b.
- At
step 304 the token 204 is detected to be in proximity and, at step 306, in response to the detection, a temporary secure communication channel, such as the channel 210, for example described above in relation to Figure 2b, is set up between the token 204 and the device 206.
- In
step 308, configuration information specific to the token 204 for provisioning the device 206 with connectivity to a user network represented by the token 204 is transferred from the token 204 to the device 206. This may, for example, take place in the manner as explained in Figure 2b. The secure channel 210 is then closed at step 310, for example once the configuration information is installed on the device 206.
- In
step 312, the device provisioned with the required configuration information, for example in the same manner as explained in relation to the device 206 in Figure 2c, can establish a connection to a user network 202 based on the configuration information that is specific to the token 204.
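The device-side rules of Figure 2c and the flow of Figure 3 can be written as one small policy object. This is an added Python sketch, not code from the patent: the class and field names, the distance estimate carried by `Channel`, the `permit_token` step and all sample identifiers are assumptions made for illustration, and the channel is assumed to have already authenticated the token.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple

MAX_PROXIMITY_CM = 50.0  # upper end of the 20 to 50 cm range in the description

class Decision(Enum):
    ACCEPTED = "accepted"
    OUT_OF_RANGE = "token outside the defined proximity"
    TOKEN_MISMATCH = "configuration not specific to the token on the channel"
    FOREIGN_NETWORK = "configuration for a network other than the bound one"
    TOKEN_NOT_PERMITTED = "token lacks permission from the first token"
    INTERRUPTED = "transfer interrupted, previous state kept"
    NOT_PROVISIONED = "device holds no configuration"

@dataclass(frozen=True)
class ConfigInfo:
    network_id: str   # user network 202 that the token represents
    token_id: str     # configuration information is specific to one token 204
    access_code: str  # constructed sample value, not a real credential

@dataclass
class Channel:
    """Temporary secure channel 210. Assumption: the channel layer has already
    authenticated token_id and supplies a distance estimate."""
    token_id: str
    distance_cm: float
    is_open: bool = True

    def in_range(self) -> bool:
        return self.is_open and self.distance_cm <= MAX_PROXIMITY_CM

@dataclass
class Device:
    network_id: Optional[str] = None
    first_token: Optional[str] = None
    permitted: Set[str] = field(default_factory=set)
    configs: Dict[str, ConfigInfo] = field(default_factory=dict)
    audit: List[Tuple[str, str, Decision]] = field(default_factory=list)

    def _log(self, op: str, ch: Channel, decision: Decision) -> Decision:
        # Every decision, refusals included, is kept for later review.
        self.audit.append((op, ch.token_id, decision))
        return decision

    def receive_config(self, ch: Channel, cfg: ConfigInfo,
                       complete: bool = True) -> Decision:
        if not ch.in_range():
            return self._log("config", ch, Decision.OUT_OF_RANGE)
        if cfg.token_id != ch.token_id:
            return self._log("config", ch, Decision.TOKEN_MISMATCH)
        if self.network_id is not None:
            # Second functionality: ignore configuration for other networks.
            if cfg.network_id != self.network_id:
                return self._log("config", ch, Decision.FOREIGN_NETWORK)
            # Further tokens of the same network need the first token's permission.
            if ch.token_id not in self.permitted:
                return self._log("config", ch, Decision.TOKEN_NOT_PERMITTED)
        if not complete:
            ch.is_open = False  # channel broke before the transfer finished
            return self._log("config", ch, Decision.INTERRUPTED)
        if self.network_id is None:
            self.network_id, self.first_token = cfg.network_id, ch.token_id
            self.permitted = {ch.token_id}
        self.configs[ch.token_id] = cfg  # first install, or third-functionality update
        ch.is_open = False               # step 310: close the temporary channel
        return self._log("config", ch, Decision.ACCEPTED)

    def permit_token(self, ch: Channel, new_token_id: str) -> Decision:
        """First token admits another token of the same network (assumption:
        the permission is given over the same proximity channel)."""
        if self.network_id is None:
            return self._log("permit", ch, Decision.NOT_PROVISIONED)
        if not ch.in_range():
            return self._log("permit", ch, Decision.OUT_OF_RANGE)
        if ch.token_id != self.first_token:
            return self._log("permit", ch, Decision.TOKEN_NOT_PERMITTED)
        self.permitted.add(new_token_id)
        return self._log("permit", ch, Decision.ACCEPTED)

    def reset(self, ch: Channel) -> Decision:
        """Fourth functionality: unresponsive to reset unless the token is near."""
        if self.network_id is None:
            return self._log("reset", ch, Decision.NOT_PROVISIONED)
        if not ch.in_range():
            return self._log("reset", ch, Decision.OUT_OF_RANGE)
        if ch.token_id != self.first_token:
            return self._log("reset", ch, Decision.TOKEN_NOT_PERMITTED)
        self.network_id = self.first_token = None
        self.configs.clear()
        self.permitted.clear()
        return self._log("reset", ch, Decision.ACCEPTED)

    def connect(self) -> Optional[str]:
        """Step 312: join the network named in the installed configuration."""
        return self.network_id
```

The `audit` list records refused requests as well as accepted ones, which is the record an operator would review for repeated out-of-range or foreign-network attempts against a provisioned device.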
- Figure 4 illustrates a block diagram of one implementation of a computing device 400 within which a set of instructions, for causing the computing device to perform any one or more of the methodologies discussed herein, may be executed. The computing device 400 may be a router or server in the user IoT network or one or more IoT enabled devices within the user network. Similarly, the computing device 400 may also be implemented to be the device or token described herein. In alternative implementations, the computing device 400 may be connected (e.g., networked) to other machines in a Local Area Network (LAN), an intranet, an extranet, or the Internet. The computing device may operate in the capacity of a server or a client machine in a client-server network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. The computing device may be a personal computer (PC), a tablet computer, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a server, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single computing device is illustrated, the term "computing device" shall also be taken to include any collection of machines (e.g., computers) that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
- The
example computing device 400 includes a processing device 402, a main memory 404 (e.g., read-only memory (ROM), flash memory, dynamic random-access memory (DRAM) such as synchronous DRAM (SDRAM) or Rambus DRAM (RDRAM), etc.), a static memory 406 (e.g., flash memory, static random-access memory (SRAM), etc.), and a secondary memory (e.g., a data storage device 418), which communicate with each other via a bus 430.
- Processing device 402 represents one or more general-purpose processors such as a microprocessor, central processing unit, or the like. More particularly, the processing device 402 may be a complex instruction set computing (CISC) microprocessor, reduced instruction set computing (RISC) microprocessor, very long instruction word (VLIW) microprocessor, processor implementing other instruction sets, or processors implementing a combination of instruction sets. Processing device 402 may also be one or more special-purpose processing devices such as an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a digital signal processor (DSP), network processor, or the like. Processing device 402 is configured to execute the processing logic (instructions 422) for performing the operations and steps discussed herein.
- The
computing device 400 may further include a network interface device 408. The computing device 400 also may include a video display unit 410 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)), an alphanumeric input device 412 (e.g., a keyboard or touchscreen), a cursor control device 414 (e.g., a mouse or touchscreen), and an audio device 416 (e.g., a speaker).
- The
data storage device 418 may include one or more machine-readable storage media (or more specifically one or more non-transitory computer-readable storage media) 428 on which is stored one or more sets of instructions 422 embodying any one or more of the methodologies or functions described herein. The instructions 422 may also reside, completely or at least partially, within the main memory 404 and/or within the processing device 402 during execution thereof by the computer system 400, the main memory 404 and the processing device 402 also constituting computer-readable storage media.
- The various methods described above may be implemented by a computer program. The computer program may include computer code arranged to instruct a computer to perform the functions of one or more of the various methods described above. The computer program and/or the code for performing such methods may be provided to an apparatus, such as a computer, on one or more computer readable media or, more generally, a computer program product. The computer readable media may be transitory or non-transitory. The one or more computer readable media could be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, or a propagation medium for data transmission, for example for downloading the code over the Internet. Alternatively, the one or more computer readable media could take the form of one or more physical computer readable media such as semiconductor or solid-state memory, magnetic tape, a removable computer diskette, a random-access memory (RAM), a read-only memory (ROM), a rigid magnetic disc, and an optical disk, such as a CD-ROM, CD-R/W or DVD.
- In an implementation, the modules, components and other features described herein can be implemented as discrete components or integrated in the functionality of hardware components such as ASICS, FPGAs, DSPs or similar devices.
- A "hardware component" is a tangible (e.g., non-transitory) physical component (e.g., a set of one or more processors) capable of performing certain operations and may be configured or arranged in a certain physical manner. A hardware component may include dedicated circuitry or logic that is permanently configured to perform certain operations. A hardware component may be or include a special-purpose processor, such as a field programmable gate array (FPGA) or an ASIC. A hardware component may also include programmable logic or circuitry that is temporarily configured by software to perform certain operations.
- Accordingly, the phrase "hardware component" should be understood to encompass a tangible entity that may be physically constructed, permanently configured (e.g., hardwired), or temporarily configured (e.g., programmed) to operate in a certain manner or to perform certain operations described herein.
- In addition, the modules and components can be implemented as firmware or functional circuitry within hardware devices. Further, the modules and components can be implemented in any combination of hardware devices and software components, or only in software (e.g., code stored or otherwise embodied in a machine-readable medium or in a transmission medium).
- Unless specifically stated otherwise, as apparent from the following discussion, it is appreciated that throughout the description, discussions utilizing terms such as "receiving", "determining", "obtaining", "sending", "implementing", "connecting", "detecting", "establishing", "authenticating" or the like, refer to the actions and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.
- It is to be understood that the above description is intended to be illustrative, and not restrictive. Many other implementations will be apparent to those of skill in the art upon reading and understanding the above description. Although the present disclosure has been described with reference to specific example implementations, it will be recognized that the disclosure is not limited to the implementations described but can be practiced with modification and alteration within the spirit and scope of the appended claims. Accordingly, the specification and drawings are to be regarded in an illustrative sense rather than a restrictive sense. The scope of the disclosure should, therefore, be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
Claims (15)
- A wireless token capable of representing a user network, the token comprising one or more processing modules configured to: authenticate the token with the user network; responsive to said authentication, obtain and store configuration information for enabling the token to communicatively couple a device within a defined proximity to the token with the user network; responsive to a wireless signal received from the device, establish a temporary secure communication channel between the device and the token; and provide configuration information from the token to the device using the temporary secure communication channel, wherein the configuration information enables the device to establish a connection with and operate in the user network based on the obtained configuration information.
- The token as claimed in claim 1 wherein the user network represented by the token comprises a plurality of other devices that are communicatively coupled with each other and share data with each other to operate in the user network, and wherein the obtained configuration information from the token comprises instructions to configure the device to communicate and share data with one or more of the other devices.
- The token as claimed in claim 1 or 2 wherein the configuration information from the token comprises executable instructions to: configure the device to be unresponsive to further or updated configuration information received from one or more devices representing one or more networks other than the user network associated with the token.
- The token as claimed in any one of claims 1 to 3 wherein the configuration information from the token comprises executable instructions to: configure the device to respond to further or updated configuration information received from the token when the device is at or within the defined proximity to the token; and operate in the user network based on the received further or updated configuration information.
- The token as claimed in claim 3 or 4 wherein the configuration information from the token comprises executable instructions to require a device reset for the device in the presence of the token at the defined proximity, prior to configuring the device to receive further or updated configuration information from the user network or the one or more other networks.
- The token as claimed in claim 5 wherein the configuration information configures the device to be unresponsive to the device reset if the token is not present at or within the defined proximity of the device.
- The token as claimed in any one of the preceding claims wherein the defined proximity is a distance in the range of 20 to 50 cm between the token and the device; and optionally the defined proximity is a distance that is less than 20 cm between the token and the device.
- The token as claimed in any one of the preceding claims configured to communicate with the device using near-field communication, and optionally the token is wearable by a user.
- A device capable of wireless communication, the device including one or more processing modules configured to: detect a token proximate to it, the token being a token as claimed in any one of claims 1 to 8 representing a user network; obtain configuration information from the token for registering the device with the user network, the user network comprising a plurality of other devices that are communicatively coupled with each other; establish a connection with the user network; and operate in the user network based on the obtained configuration information.
- The device as claimed in claim 9 capable of communication with a plurality of tokens, each representing the user network, wherein the device is configured to obtain configuration information that is specific to each of the plurality of tokens for operating in the user network, when activated by a given token among the plurality of tokens.
- The device as claimed in any one of claims 9 or 10 being an IoT enabled device, wherein the user network is an IoT network including a plurality of other IoT devices registered to the user network.
- A user network comprising: a plurality of devices that are communicatively coupled with each other and share data with each other to operate in the user network; a router or a control module for connecting the user network with one or more external wireless networks; and a database for storing information relating to each of the plurality of devices and data exchanged between them in the user network; wherein the user network is represented by at least one token, said at least one token being a token as claimed in any one of claims 1 to 8.
- The user network as claimed in claim 12 being an IoT network, wherein each of the plurality of devices are IoT enabled devices registered to operate in the user network.
- A method for a device capable of wireless communication with a user network, the method comprising the steps of: detecting, by the device, a token proximate to the device, said token being previously authenticated for managing communication of one or more devices with the user network; establishing, by the token, a temporary secure communication channel between the token and the device; obtaining, by the device via the temporary secure communication channel, configuration information from the token enabling the device to establish a connection with and operate in the user network; wherein the device is configured to connect to and operate in the user network based on the obtained configuration information from the token.
- A system for implementing the method for connecting with a user network as claimed in claim 12, the system comprising: a user network as claimed in any one of claims 12 or 13; at least one token as claimed in any one of claims 1 to 8 for representing the user network; and one or more devices as claimed in any one of claims 9 to 11 to be connected to the user network.
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP18305845.2A EP3589000A1 (en) | 2018-06-29 | 2018-06-29 | Facilitating network connectivity |
US17/255,851 US11785453B2 (en) | 2018-06-29 | 2019-06-26 | Facilitating network connectivity |
EP19732672.1A EP3815410A1 (en) | 2018-06-29 | 2019-06-26 | Facilitating network connectivity |
PCT/EP2019/066945 WO2020002394A1 (en) | 2018-06-29 | 2019-06-26 | Facilitating network connectivity |
US18/241,290 US20240064508A1 (en) | 2018-06-29 | 2023-09-01 | Facilitating network connectivity |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP18305845.2A EP3589000A1 (en) | 2018-06-29 | 2018-06-29 | Facilitating network connectivity |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3589000A1 (en) | 2020-01-01 |
Family
ID=62975983
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP18305845.2A Withdrawn EP3589000A1 (en) | 2018-06-29 | 2018-06-29 | Facilitating network connectivity |
EP19732672.1A Pending EP3815410A1 (en) | 2018-06-29 | 2019-06-26 | Facilitating network connectivity |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19732672.1A Pending EP3815410A1 (en) | 2018-06-29 | 2019-06-26 | Facilitating network connectivity |
Country Status (3)
Country | Link |
---|---|
US (2) | US11785453B2 (en) |
EP (2) | EP3589000A1 (en) |
WO (1) | WO2020002394A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2022094469A1 (en) * | 2020-11-02 | 2022-05-05 | Idac Holdings, Inc. | Method and apparatus for provisioning of localized temporary services (lts) hosting network credentials |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11599828B2 (en) * | 2020-02-27 | 2023-03-07 | Microsoft Technology Licensing, Llc | Management and operation of loosely coupled internet of things devices |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2740315A1 (en) * | 2011-08-05 | 2014-06-11 | Nokia Corporation | Method, apparatus, and computer program product for connection setup in device-to-device communication |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2937805B1 (en) * | 2003-09-30 | 2022-01-05 | Nxp B.V. | Proximity authentication system |
US7597250B2 (en) * | 2003-11-17 | 2009-10-06 | Dpd Patent Trust Ltd. | RFID reader with multiple interfaces |
WO2012030190A2 (en) * | 2010-09-03 | 2012-03-08 | 한국전자통신연구원 | System and method for managing resources in a communication system |
EP2624081B1 (en) * | 2012-01-31 | 2018-01-10 | Nxp B.V. | Configuration method, configuration device, computer program product and control system |
US8818276B2 (en) * | 2012-05-16 | 2014-08-26 | Nokia Corporation | Method, apparatus, and computer program product for controlling network access to guest apparatus based on presence of hosting apparatus |
US9420464B2 (en) * | 2014-12-15 | 2016-08-16 | Intel Corporation | Technologies for controlling network access based on electronic device communication fingerprints |
US9801216B1 (en) * | 2015-03-31 | 2017-10-24 | Amazon Technologies, Inc. | Peer-to-peer configuration |
US20170017947A1 (en) * | 2015-07-14 | 2017-01-19 | Assa Abloy Ab | Trusted nfc ticketing |
US10057261B2 (en) * | 2015-11-09 | 2018-08-21 | Fotonation Limited | Method for configuring access for a limited user interface (UI) device |
US20170149745A1 (en) * | 2015-11-19 | 2017-05-25 | Carrier Corporation | Wireless communication configuration device |
US9913143B1 (en) * | 2016-11-28 | 2018-03-06 | Amazon Technologies, Inc. | Auto-provisioning device |
US10798545B2 (en) * | 2017-03-02 | 2020-10-06 | Amazon Technologies, Inc. | Techniques for device discovery and configuration |
US10650130B2 (en) * | 2017-11-06 | 2020-05-12 | Ubs Business Solutions Ag | System and method for facilitating authentication via a short-range wireless token |
2018
- 2018-06-29 EP EP18305845.2A patent/EP3589000A1/en not_active Withdrawn
2019
- 2019-06-26 WO PCT/EP2019/066945 patent/WO2020002394A1/en active Application Filing
- 2019-06-26 US US17/255,851 patent/US11785453B2/en active Active
- 2019-06-26 EP EP19732672.1A patent/EP3815410A1/en active Pending
2023
- 2023-09-01 US US18/241,290 patent/US20240064508A1/en active Pending
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2740315A1 (en) * | 2011-08-05 | 2014-06-11 | Nokia Corporation | Method, apparatus, and computer program product for connection setup in device-to-device communication |
Non-Patent Citations (1)
Title |
---|
WI-FI ALLIANCE: "Wi-Fi Simple Configuration Technical Specification, Version 2.0.5", 4 August 2014 (2014-08-04), XP055280052, Retrieved from the Internet <URL:https://www.wi-fi.org/download.php?file=/sites/default/files/private/Wi-Fi_Simple_Configuration_Technical_Specification_v2.0.5.pdf> [retrieved on 20160613] * |
Also Published As
Publication number | Publication date |
---|---|
US20210266736A1 (en) | 2021-08-26 |
EP3815410A1 (en) | 2021-05-05 |
US20240064508A1 (en) | 2024-02-22 |
US11785453B2 (en) | 2023-10-10 |
WO2020002394A1 (en) | 2020-01-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20240064508A1 (en) | Facilitating network connectivity | |
US9842446B2 (en) | Systems and methods for lock access management using wireless signals | |
EP3350736B1 (en) | Device enabled identity authentication | |
US10580240B2 (en) | Use of mobile device to configure a lock | |
US11196752B2 (en) | Multifactor authentication for secure management of data center assets from a mobile device | |
JP6337642B2 (en) | Method for securely accessing a network from a personal device, personal device, network server, and access point | |
US12041097B2 (en) | Automated service enrollment in a machine-to-machine communications network | |
US10645557B2 (en) | Transferable ownership tokens for discrete, identifiable devices | |
US20210314293A1 (en) | Method and system for using tunnel extensible authentication protocol (teap) for self-sovereign identity based authentication | |
US10182043B2 (en) | Methods and system for user and device management of an IoT network | |
US10841303B2 (en) | Apparatus and methods for micro-segmentation of an enterprise internet-of-things network | |
WO2017019871A1 (en) | Consistently configuring devices in close physical proximity | |
US20150081837A1 (en) | Provisioning a plurality of computing devices | |
US20080274696A1 (en) | Procedure for headset and device authentication | |
CN103929748A (en) | Internet of things wireless terminal, configuration method thereof and wireless network access point | |
US20090061822A1 (en) | Method and apparatus for multiterminal support using bluetooth based audio gateway | |
US9838832B2 (en) | Wireless communication device linking in an industrial automation environment | |
CN110022215A (en) | Industrial automation device and cloud service | |
US9763173B2 (en) | Regulatory domain identification for network devices | |
KR20160146753A (en) | Network node security using short range communication | |
CN107371160B (en) | Method and equipment for carrying out wireless connection pre-authorization on user equipment | |
WO2019060308A1 (en) | Peer assisted enhanced authentication | |
Wang et al. | Challenges and opportunities in onboarding smart-home devices | |
CA2878269A1 (en) | System and method for two factor user authentication using a smartphone and nfc token and for the automatic generation as well as storing and inputting of logins for websites and web applications | |
WO2016184133A1 (en) | Method and apparatus for realizing terminal to join into network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED |
 | AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
 | AX | Request for extension of the european patent | Extension state: BA ME |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
 | 18D | Application deemed to be withdrawn | Effective date: 20200702 |